1 /*  Bluetooth Mesh */
2 
3 /*
4  * SPDX-FileCopyrightText: 2017 Intel Corporation
5  *
6  * SPDX-License-Identifier: Apache-2.0
7  */
8 
9 #include <stdint.h>
10 #include <errno.h>
11 #include <string.h>
12 
13 #include "crypto.h"
14 #include "adv.h"
15 #include "mesh.h"
16 #include "transport.h"
17 #include "access.h"
18 #include "friend.h"
19 #include "foundation.h"
20 #include "mesh_main.h"
21 #include "provisioner_main.h"
22 
23 #ifdef CONFIG_BLE_MESH_FRIEND
24 
25 /* We reserve one extra buffer for each friendship, since we need to be able
26  * to resend the last sent PDU, which sits separately outside of the queue.
27  */
28 #define FRIEND_BUF_COUNT    ((CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE + 1) * \
29                  CONFIG_BLE_MESH_FRIEND_LPN_COUNT)
30 
31 #define FRIEND_ADV(buf) CONTAINER_OF(BLE_MESH_ADV(buf), struct friend_adv, adv)
32 
33 /* PDUs from Friend to the LPN should only be transmitted once with the
34  * smallest possible interval (20ms).
35  */
36 #define FRIEND_XMIT         BLE_MESH_TRANSMIT(0, 20)
37 
38 struct friend_pdu_info {
39     uint16_t src;
40     uint16_t dst;
41 
42     uint8_t  seq[3];
43 
44     uint8_t  ttl:7,
45              ctl:1;
46 
47     uint32_t iv_index;
48 };
49 
50 NET_BUF_POOL_FIXED_DEFINE(friend_buf_pool, FRIEND_BUF_COUNT,
51                           BLE_MESH_ADV_DATA_SIZE, NULL);
52 
53 static struct friend_adv {
54     struct bt_mesh_adv adv;
55     uint16_t app_idx;
56 } adv_pool[FRIEND_BUF_COUNT];
57 
58 enum {
59     BLE_MESH_FRIENDSHIP_TERMINATE_ESTABLISH_FAIL,
60     BLE_MESH_FRIENDSHIP_TERMINATE_POLL_TIMEOUT,
61     BLE_MESH_FRIENDSHIP_TERMINATE_RECV_FRND_REQ,
62     BLE_MESH_FRIENDSHIP_TERMINATE_RECV_FRND_CLEAR,
63     BLE_MESH_FRIENDSHIP_TERMINATE_DISABLE,
64 };
65 
66 static void (*friend_cb)(bool establish, uint16_t lpn_addr, uint8_t reason);
67 
68 static bool friend_init = false;
69 
friend_subnet_get(uint16_t net_idx)70 static struct bt_mesh_subnet *friend_subnet_get(uint16_t net_idx)
71 {
72     struct bt_mesh_subnet *sub = NULL;
73 
74     if (IS_ENABLED(CONFIG_BLE_MESH_NODE) && bt_mesh_is_provisioned()) {
75         sub = bt_mesh_subnet_get(net_idx);
76     } else if (IS_ENABLED(CONFIG_BLE_MESH_PROVISIONER) && bt_mesh_is_provisioner_en()) {
77         sub = bt_mesh_provisioner_subnet_get(net_idx);
78     }
79 
80     return sub;
81 }
82 
adv_alloc(int id)83 static struct bt_mesh_adv *adv_alloc(int id)
84 {
85     adv_pool[id].app_idx = BLE_MESH_KEY_UNUSED;
86     return &adv_pool[id].adv;
87 }
88 
is_lpn_unicast(struct bt_mesh_friend * frnd,uint16_t addr)89 static bool is_lpn_unicast(struct bt_mesh_friend *frnd, uint16_t addr)
90 {
91     if (frnd->lpn == BLE_MESH_ADDR_UNASSIGNED) {
92         return false;
93     }
94 
95     return (addr >= frnd->lpn && addr < (frnd->lpn + frnd->num_elem));
96 }
97 
bt_mesh_friend_find(uint16_t net_idx,uint16_t lpn_addr,bool valid,bool established)98 struct bt_mesh_friend *bt_mesh_friend_find(uint16_t net_idx, uint16_t lpn_addr,
99                                            bool valid, bool established)
100 {
101     int i;
102 
103     BT_DBG("net_idx 0x%04x lpn_addr 0x%04x", net_idx, lpn_addr);
104 
105     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
106         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
107 
108         if (valid && !frnd->valid) {
109             continue;
110         }
111 
112         if (established && !frnd->established) {
113             continue;
114         }
115 
116         if (net_idx != BLE_MESH_KEY_ANY && frnd->net_idx != net_idx) {
117             continue;
118         }
119 
120         if (is_lpn_unicast(frnd, lpn_addr)) {
121             return frnd;
122         }
123     }
124 
125     return NULL;
126 }
127 
purge_buffers(sys_slist_t * list)128 static void purge_buffers(sys_slist_t *list)
129 {
130     while (!sys_slist_is_empty(list)) {
131         struct net_buf *buf = NULL;
132 
133         buf = (void *)sys_slist_get_not_empty(list);
134 
135         buf->frags = NULL;
136         buf->flags &= ~NET_BUF_FRAGS;
137 
138         net_buf_unref(buf);
139     }
140 }
141 
142 /* Intentionally start a little bit late into the ReceiveWindow when
143  * it's large enough. This may improve reliability with some platforms,
144  * like the PTS, where the receiver might not have sufficiently compensated
145  * for internal latencies required to start scanning.
146  */
recv_delay(struct bt_mesh_friend * frnd)147 static int32_t recv_delay(struct bt_mesh_friend *frnd)
148 {
149 #if CONFIG_BLE_MESH_FRIEND_RECV_WIN > 50
150     return (int32_t)frnd->recv_delay + (CONFIG_BLE_MESH_FRIEND_RECV_WIN / 5);
151 #else
152     return frnd->recv_delay;
153 #endif
154 }
155 
friend_clear(struct bt_mesh_friend * frnd,uint8_t reason)156 static void friend_clear(struct bt_mesh_friend *frnd, uint8_t reason)
157 {
158     int i;
159 
160     BT_DBG("LPN 0x%04x", frnd->lpn);
161 
162     k_delayed_work_cancel(&frnd->timer);
163 
164     if (frnd->established) {
165         if (friend_cb) {
166             friend_cb(false, frnd->lpn, reason);
167         }
168     }
169 
170     friend_cred_del(frnd->net_idx, frnd->lpn);
171 
172     if (frnd->last) {
173         /* Cancel the sending if necessary */
174         if (frnd->pending_buf) {
175             bt_mesh_adv_buf_ref_debug(__func__, frnd->last, 2U, BLE_MESH_BUF_REF_EQUAL);
176             BLE_MESH_ADV(frnd->last)->busy = 0U;
177         } else {
178             bt_mesh_adv_buf_ref_debug(__func__, frnd->last, 1U, BLE_MESH_BUF_REF_EQUAL);
179         }
180 
181         net_buf_unref(frnd->last);
182         frnd->last = NULL;
183     }
184 
185     purge_buffers(&frnd->queue);
186 
187     for (i = 0; i < ARRAY_SIZE(frnd->seg); i++) {
188         struct bt_mesh_friend_seg *seg = &frnd->seg[i];
189 
190         purge_buffers(&seg->queue);
191         seg->seg_count = 0U;
192     }
193 
194     frnd->valid = 0U;
195     frnd->established = 0U;
196     frnd->pending_buf = 0U;
197     frnd->fsn = 0U;
198     frnd->queue_size = 0U;
199     frnd->pending_req = 0U;
200     (void)memset(frnd->sub_list, 0, sizeof(frnd->sub_list));
201 }
202 
bt_mesh_friend_clear_net_idx(uint16_t net_idx)203 void bt_mesh_friend_clear_net_idx(uint16_t net_idx)
204 {
205     int i;
206 
207     BT_DBG("net_idx 0x%04x", net_idx);
208 
209     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
210         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
211 
212         if (frnd->net_idx == BLE_MESH_KEY_UNUSED) {
213             continue;
214         }
215 
216         if (net_idx == BLE_MESH_KEY_ANY || frnd->net_idx == net_idx) {
217             friend_clear(frnd, BLE_MESH_FRIENDSHIP_TERMINATE_DISABLE);
218         }
219     }
220 }
221 
bt_mesh_friend_sec_update(uint16_t net_idx)222 void bt_mesh_friend_sec_update(uint16_t net_idx)
223 {
224     int i;
225 
226     BT_DBG("net_idx 0x%04x", net_idx);
227 
228     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
229         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
230 
231         if (frnd->net_idx == BLE_MESH_KEY_UNUSED) {
232             continue;
233         }
234 
235         if (net_idx == BLE_MESH_KEY_ANY || frnd->net_idx == net_idx) {
236             frnd->sec_update = 1U;
237         }
238     }
239 }
240 
bt_mesh_friend_clear(struct bt_mesh_net_rx * rx,struct net_buf_simple * buf)241 int bt_mesh_friend_clear(struct bt_mesh_net_rx *rx, struct net_buf_simple *buf)
242 {
243     struct bt_mesh_ctl_friend_clear *msg = (void *)buf->data;
244     struct bt_mesh_friend *frnd = NULL;
245     uint16_t lpn_addr = 0U, lpn_counter = 0U;
246     struct bt_mesh_net_tx tx = {
247         .sub  = rx->sub,
248         .ctx  = &rx->ctx,
249         .src  = bt_mesh_primary_addr(),
250         .xmit = bt_mesh_net_transmit_get(),
251     };
252     struct bt_mesh_ctl_friend_clear_confirm cfm = {0};
253 
254     if (buf->len < sizeof(*msg)) {
255         BT_WARN("Too short Friend Clear (len %d)", buf->len);
256         return -EINVAL;
257     }
258 
259     lpn_addr = sys_be16_to_cpu(msg->lpn_addr);
260     lpn_counter = sys_be16_to_cpu(msg->lpn_counter);
261 
262     BT_DBG("LPN addr 0x%04x counter 0x%04x", lpn_addr, lpn_counter);
263 
264     frnd = bt_mesh_friend_find(rx->sub->net_idx, lpn_addr, false, false);
265     if (!frnd) {
266         BT_WARN("No matching LPN addr 0x%04x", lpn_addr);
267         return 0;
268     }
269 
270     /* A Friend Clear message is considered valid if the result of the
271      * subtraction of the value of the LPNCounter field of the Friend
272      * Request message (the one that initiated the friendship) from the
273      * value of the LPNCounter field of the Friend Clear message, modulo
274      * 65536, is in the range 0 to 255 inclusive.
275      */
276     if (lpn_counter - frnd->lpn_counter > 255) {
277         BT_WARN("LPN Counter out of range (old %u new %u)",
278                 frnd->lpn_counter, lpn_counter);
279         return 0;
280     }
281 
282     tx.ctx->send_ttl = BLE_MESH_TTL_MAX;
283 
284     cfm.lpn_addr    = msg->lpn_addr;
285     cfm.lpn_counter = msg->lpn_counter;
286 
287     bt_mesh_ctl_send(&tx, TRANS_CTL_OP_FRIEND_CLEAR_CFM, &cfm,
288                      sizeof(cfm), NULL, NULL);
289 
290     friend_clear(frnd, BLE_MESH_FRIENDSHIP_TERMINATE_RECV_FRND_CLEAR);
291 
292     return 0;
293 }
294 
friend_sub_add(struct bt_mesh_friend * frnd,uint16_t addr)295 static void friend_sub_add(struct bt_mesh_friend *frnd, uint16_t addr)
296 {
297     int i;
298 
299     for (i = 0; i < ARRAY_SIZE(frnd->sub_list); i++) {
300         if (frnd->sub_list[i] == BLE_MESH_ADDR_UNASSIGNED) {
301             frnd->sub_list[i] = addr;
302             return;
303         }
304     }
305 
306     BT_WARN("No space in friend subscription list");
307 }
308 
friend_sub_rem(struct bt_mesh_friend * frnd,uint16_t addr)309 static void friend_sub_rem(struct bt_mesh_friend *frnd, uint16_t addr)
310 {
311     int i;
312 
313     for (i = 0; i < ARRAY_SIZE(frnd->sub_list); i++) {
314         if (frnd->sub_list[i] == addr) {
315             frnd->sub_list[i] = BLE_MESH_ADDR_UNASSIGNED;
316             return;
317         }
318     }
319 }
320 
create_friend_pdu(struct bt_mesh_friend * frnd,struct friend_pdu_info * info,struct net_buf_simple * sdu)321 static struct net_buf *create_friend_pdu(struct bt_mesh_friend *frnd,
322                                          struct friend_pdu_info *info,
323                                          struct net_buf_simple *sdu)
324 {
325     struct net_buf *buf = NULL;
326 
327     buf = bt_mesh_adv_create_from_pool(&friend_buf_pool, adv_alloc,
328                                        BLE_MESH_ADV_DATA,
329                                        FRIEND_XMIT, K_NO_WAIT);
330     if (!buf) {
331         return NULL;
332     }
333 
334     net_buf_add_u8(buf, (info->iv_index & 1) << 7); /* Will be reset in encryption */
335 
336     if (info->ctl) {
337         net_buf_add_u8(buf, info->ttl | 0x80);
338     } else {
339         net_buf_add_u8(buf, info->ttl);
340     }
341 
342     net_buf_add_mem(buf, info->seq, sizeof(info->seq));
343 
344     net_buf_add_be16(buf, info->src);
345     net_buf_add_be16(buf, info->dst);
346 
347     net_buf_add_mem(buf, sdu->data, sdu->len);
348 
349     return buf;
350 }
351 
352 struct unseg_app_sdu_meta {
353     struct bt_mesh_net_rx net;
354     const uint8_t *key;
355     struct bt_mesh_subnet *subnet;
356     bool is_dev_key;
357     uint8_t aid;
358     uint8_t *ad;
359 };
360 
unseg_app_sdu_unpack(struct bt_mesh_friend * frnd,struct net_buf * buf,struct unseg_app_sdu_meta * meta)361 static int unseg_app_sdu_unpack(struct bt_mesh_friend *frnd,
362                                 struct net_buf *buf,
363                                 struct unseg_app_sdu_meta *meta)
364 {
365     uint16_t app_idx = FRIEND_ADV(buf)->app_idx;
366     uint8_t role = 0U;
367     int err = 0;
368 
369     meta->subnet = friend_subnet_get(frnd->net_idx);
370     if (!meta->subnet) {
371         BT_ERR("Invalid subnet for unseg app sdu");
372         return -EINVAL;
373     }
374 
375     role = (IS_ENABLED(CONFIG_BLE_MESH_NODE) &&
376             bt_mesh_is_provisioned()) ? NODE : PROVISIONER;
377 
378     meta->is_dev_key = (app_idx == BLE_MESH_KEY_DEV);
379     bt_mesh_net_header_parse(&buf->b, &meta->net);
380     err = bt_mesh_app_key_get(meta->subnet, app_idx, &meta->key,
381                               &meta->aid, role, meta->net.ctx.addr);
382     if (err) {
383         BT_ERR("Failed to get AppKey");
384         return err;
385     }
386 
387     if (BLE_MESH_ADDR_IS_VIRTUAL(meta->net.ctx.recv_dst)) {
388         meta->ad = bt_mesh_label_uuid_get(meta->net.ctx.recv_dst);
389         if (!meta->ad) {
390             BT_ERR("Failed to get label uuid");
391             return -ENOENT;
392         }
393     } else {
394         meta->ad = NULL;
395     }
396 
397     return 0;
398 }
399 
unseg_app_sdu_decrypt(struct bt_mesh_friend * frnd,struct net_buf * buf,const struct unseg_app_sdu_meta * meta)400 static int unseg_app_sdu_decrypt(struct bt_mesh_friend *frnd,
401                                  struct net_buf *buf,
402                                  const struct unseg_app_sdu_meta *meta)
403 {
404     struct net_buf_simple sdu = {0};
405 
406     net_buf_simple_clone(&buf->b, &sdu);
407     net_buf_simple_pull(&sdu, 10);
408     sdu.len -= 4;
409 
410     return bt_mesh_app_decrypt(meta->key, meta->is_dev_key, 0, &sdu, &sdu,
411                                meta->ad, meta->net.ctx.addr,
412                                meta->net.ctx.recv_dst, meta->net.seq,
413                                BLE_MESH_NET_IVI_TX);
414 }
415 
unseg_app_sdu_encrypt(struct bt_mesh_friend * frnd,struct net_buf * buf,const struct unseg_app_sdu_meta * meta)416 static int unseg_app_sdu_encrypt(struct bt_mesh_friend *frnd,
417                                  struct net_buf *buf,
418                                  const struct unseg_app_sdu_meta *meta)
419 {
420     struct net_buf_simple sdu = {0};
421 
422     net_buf_simple_clone(&buf->b, &sdu);
423     net_buf_simple_pull(&sdu, 10);
424     sdu.len -= 4;
425 
426     return bt_mesh_app_encrypt(meta->key, meta->is_dev_key, 0, &sdu,
427                                meta->ad, meta->net.ctx.addr,
428                                meta->net.ctx.recv_dst, bt_mesh.seq,
429                                BLE_MESH_NET_IVI_TX);
430 }
431 
unseg_app_sdu_prepare(struct bt_mesh_friend * frnd,struct net_buf * buf)432 static int unseg_app_sdu_prepare(struct bt_mesh_friend *frnd,
433                                  struct net_buf *buf)
434 {
435     struct unseg_app_sdu_meta meta = {0};
436     int err = 0;
437 
438     if (FRIEND_ADV(buf)->app_idx == BLE_MESH_KEY_UNUSED) {
439         return 0;
440     }
441 
442     err = unseg_app_sdu_unpack(frnd, buf, &meta);
443     if (err) {
444         return err;
445     }
446 
447     /* No need to re-encrypt the message if the sequence number is
448      * unchanged.
449      */
450     if (meta.net.seq == bt_mesh.seq) {
451         return 0;
452     }
453 
454     err = unseg_app_sdu_decrypt(frnd, buf, &meta);
455     if (err) {
456         BT_WARN("Decryption failed! %d", err);
457         return err;
458     }
459 
460     err = unseg_app_sdu_encrypt(frnd, buf, &meta);
461     if (err) {
462         BT_WARN("Re-encryption failed! %d", err);
463     }
464 
465     return err;
466 }
467 
encrypt_friend_pdu(struct bt_mesh_friend * frnd,struct net_buf * buf,bool master_cred)468 static int encrypt_friend_pdu(struct bt_mesh_friend *frnd, struct net_buf *buf,
469                               bool master_cred)
470 {
471     struct bt_mesh_subnet *sub = friend_subnet_get(frnd->net_idx);
472     const uint8_t *enc = NULL, *priv = NULL;
473     uint32_t iv_index = 0U;
474     uint16_t src = 0U;
475     uint8_t nid = 0U;
476     int err = 0;
477 
478     if (!sub) {
479         BT_ERR("Invalid subnet to encrypt friend pdu");
480         return -EINVAL;
481     }
482 
483     if (master_cred) {
484         enc = sub->keys[sub->kr_flag].enc;
485         priv = sub->keys[sub->kr_flag].privacy;
486         nid = sub->keys[sub->kr_flag].nid;
487     } else {
488         if (friend_cred_get(sub, frnd->lpn, &nid, &enc, &priv)) {
489             BT_ERR("friend_cred_get failed");
490             return -ENOENT;
491         }
492     }
493 
494     src = sys_get_be16(&buf->data[5]);
495 
496     if (bt_mesh_elem_find(src)) {
497         uint32_t seq;
498 
499         if (FRIEND_ADV(buf)->app_idx != BLE_MESH_KEY_UNUSED) {
500             err = unseg_app_sdu_prepare(frnd, buf);
501             if (err) {
502                 return err;
503             }
504         }
505 
506         seq = bt_mesh_next_seq();
507         sys_put_be24(seq, &buf->data[2]);
508 
509         iv_index = BLE_MESH_NET_IVI_TX;
510         FRIEND_ADV(buf)->app_idx = BLE_MESH_KEY_UNUSED;
511     } else {
512         uint8_t ivi = (buf->data[0] >> 7);
513         iv_index = (bt_mesh.iv_index - ((bt_mesh.iv_index & 1) != ivi));
514     }
515 
516     buf->data[0] = (nid | (iv_index & 1) << 7);
517 
518     if (bt_mesh_net_encrypt(enc, &buf->b, iv_index, false)) {
519         BT_ERR("Encrypting failed");
520         return -EINVAL;
521     }
522 
523     if (bt_mesh_net_obfuscate(buf->data, iv_index, priv)) {
524         BT_ERR("Obfuscating failed");
525         return -EINVAL;
526     }
527 
528     return 0;
529 }
530 
encode_friend_ctl(struct bt_mesh_friend * frnd,uint8_t ctl_op,struct net_buf_simple * sdu)531 static struct net_buf *encode_friend_ctl(struct bt_mesh_friend *frnd,
532                                          uint8_t ctl_op,
533                                          struct net_buf_simple *sdu)
534 {
535     struct friend_pdu_info info = {0};
536 
537     BT_DBG("LPN 0x%04x", frnd->lpn);
538 
539     net_buf_simple_push_u8(sdu, TRANS_CTL_HDR(ctl_op, 0));
540 
541     info.src = bt_mesh_primary_addr();
542     info.dst = frnd->lpn;
543 
544     info.ctl = 1U;
545     info.ttl = 0U;
546 
547     memset(info.seq, 0, sizeof(info.seq));
548 
549     info.iv_index = BLE_MESH_NET_IVI_TX;
550 
551     return create_friend_pdu(frnd, &info, sdu);
552 }
553 
encode_update(struct bt_mesh_friend * frnd,uint8_t md)554 static struct net_buf *encode_update(struct bt_mesh_friend *frnd, uint8_t md)
555 {
556     struct bt_mesh_ctl_friend_update *upd = NULL;
557     NET_BUF_SIMPLE_DEFINE(sdu, 1 + sizeof(*upd));
558     struct bt_mesh_subnet *sub = friend_subnet_get(frnd->net_idx);
559 
560     if (!sub) {
561         BT_ERR("Friend subnet 0x%04x not found", frnd->net_idx);
562         return NULL;
563     }
564 
565     BT_DBG("lpn 0x%04x md 0x%02x", frnd->lpn, md);
566 
567     net_buf_simple_reserve(&sdu, 1);
568 
569     upd = net_buf_simple_add(&sdu, sizeof(*upd));
570     upd->flags = bt_mesh_net_flags(sub);
571     upd->iv_index = sys_cpu_to_be32(bt_mesh.iv_index);
572     upd->md = md;
573 
574     return encode_friend_ctl(frnd, TRANS_CTL_OP_FRIEND_UPDATE, &sdu);
575 }
576 
enqueue_sub_cfm(struct bt_mesh_friend * frnd,uint8_t xact)577 static void enqueue_sub_cfm(struct bt_mesh_friend *frnd, uint8_t xact)
578 {
579     struct bt_mesh_ctl_friend_sub_confirm *cfm = NULL;
580     NET_BUF_SIMPLE_DEFINE(sdu, 1 + sizeof(*cfm));
581     struct net_buf *buf = NULL;
582 
583     BT_DBG("lpn 0x%04x xact 0x%02x", frnd->lpn, xact);
584 
585     net_buf_simple_reserve(&sdu, 1);
586 
587     cfm = net_buf_simple_add(&sdu, sizeof(*cfm));
588     cfm->xact = xact;
589 
590     buf = encode_friend_ctl(frnd, TRANS_CTL_OP_FRIEND_SUB_CFM, &sdu);
591     if (!buf) {
592         BT_ERR("Unable to encode Subscription List Confirmation");
593         return;
594     }
595 
596     if (encrypt_friend_pdu(frnd, buf, false)) {
597         return;
598     }
599 
600     if (frnd->last) {
601         BT_DBG("Discarding last PDU");
602         net_buf_unref(frnd->last);
603     }
604 
605     frnd->last = buf;
606     frnd->send_last = 1U;
607 }
608 
friend_recv_delay(struct bt_mesh_friend * frnd)609 static void friend_recv_delay(struct bt_mesh_friend *frnd)
610 {
611     frnd->pending_req = 1U;
612     k_delayed_work_submit(&frnd->timer, recv_delay(frnd));
613     BT_INFO("Waiting RecvDelay of %d ms", recv_delay(frnd));
614 }
615 
bt_mesh_friend_sub_add(struct bt_mesh_net_rx * rx,struct net_buf_simple * buf)616 int bt_mesh_friend_sub_add(struct bt_mesh_net_rx *rx,
617                            struct net_buf_simple *buf)
618 {
619     struct bt_mesh_friend *frnd = NULL;
620     uint8_t xact = 0U;
621 
622     if (buf->len < BLE_MESH_FRIEND_SUB_MIN_LEN) {
623         BT_WARN("Too short Friend Subscription Add (len %d)", buf->len);
624         return -EINVAL;
625     }
626 
627     frnd = bt_mesh_friend_find(rx->sub->net_idx, rx->ctx.addr, true, true);
628     if (!frnd) {
629         BT_WARN("No matching LPN addr 0x%04x", rx->ctx.addr);
630         return 0;
631     }
632 
633     if (frnd->pending_buf) {
634         BT_WARN("Previous buffer not yet sent!");
635         return 0;
636     }
637 
638     friend_recv_delay(frnd);
639 
640     xact = net_buf_simple_pull_u8(buf);
641 
642     while (buf->len >= 2U) {
643         friend_sub_add(frnd, net_buf_simple_pull_be16(buf));
644     }
645 
646     enqueue_sub_cfm(frnd, xact);
647 
648     return 0;
649 }
650 
bt_mesh_friend_sub_rem(struct bt_mesh_net_rx * rx,struct net_buf_simple * buf)651 int bt_mesh_friend_sub_rem(struct bt_mesh_net_rx *rx,
652                            struct net_buf_simple *buf)
653 {
654     struct bt_mesh_friend *frnd = NULL;
655     uint8_t xact = 0U;
656 
657     if (buf->len < BLE_MESH_FRIEND_SUB_MIN_LEN) {
658         BT_WARN("Too short Friend Subscription Remove (len %d)", buf->len);
659         return -EINVAL;
660     }
661 
662     frnd = bt_mesh_friend_find(rx->sub->net_idx, rx->ctx.addr, true, true);
663     if (!frnd) {
664         BT_WARN("No matching LPN addr 0x%04x", rx->ctx.addr);
665         return 0;
666     }
667 
668     if (frnd->pending_buf) {
669         BT_WARN("Previous buffer not yet sent!");
670         return 0;
671     }
672 
673     friend_recv_delay(frnd);
674 
675     xact = net_buf_simple_pull_u8(buf);
676 
677     while (buf->len >= 2U) {
678         friend_sub_rem(frnd, net_buf_simple_pull_be16(buf));
679     }
680 
681     enqueue_sub_cfm(frnd, xact);
682 
683     return 0;
684 }
685 
enqueue_buf(struct bt_mesh_friend * frnd,struct net_buf * buf)686 static void enqueue_buf(struct bt_mesh_friend *frnd, struct net_buf *buf)
687 {
688     net_buf_slist_put(&frnd->queue, buf);
689     frnd->queue_size++;
690 }
691 
enqueue_update(struct bt_mesh_friend * frnd,uint8_t md)692 static void enqueue_update(struct bt_mesh_friend *frnd, uint8_t md)
693 {
694     struct net_buf *buf = NULL;
695 
696     buf = encode_update(frnd, md);
697     if (!buf) {
698         BT_ERR("Unable to encode Friend Update");
699         return;
700     }
701 
702     frnd->sec_update = 0U;
703     enqueue_buf(frnd, buf);
704 }
705 
bt_mesh_friend_poll(struct bt_mesh_net_rx * rx,struct net_buf_simple * buf)706 int bt_mesh_friend_poll(struct bt_mesh_net_rx *rx, struct net_buf_simple *buf)
707 {
708     struct bt_mesh_ctl_friend_poll *msg = (void *)buf->data;
709     struct bt_mesh_friend *frnd = NULL;
710 
711     if (buf->len < sizeof(*msg)) {
712         BT_WARN("Too short Friend Poll (len %d)", buf->len);
713         return -EINVAL;
714     }
715 
716     frnd = bt_mesh_friend_find(rx->sub->net_idx, rx->ctx.addr, true, false);
717     if (!frnd) {
718         BT_WARN("No matching LPN addr 0x%04x", rx->ctx.addr);
719         return 0;
720     }
721 
722     if (msg->fsn & ~1) {
723         BT_WARN("Prohibited (non-zero) padding bits");
724         return -EINVAL;
725     }
726 
727     if (frnd->pending_buf) {
728         BT_WARN("Previous buffer not yet sent!");
729         return 0;
730     }
731 
732     BT_DBG("msg->fsn %u frnd->fsn %u", (msg->fsn & 1), frnd->fsn);
733 
734     friend_recv_delay(frnd);
735 
736     if (!frnd->established) {
737         BT_INFO("Friendship established with 0x%04x", frnd->lpn);
738         frnd->established = 1U;
739         if (friend_cb) {
740             friend_cb(true, frnd->lpn, 0);
741         }
742     }
743 
744     if (msg->fsn == frnd->fsn && frnd->last) {
745         BT_DBG("Re-sending last PDU");
746         frnd->send_last = 1U;
747     } else {
748         if (frnd->last) {
749             net_buf_unref(frnd->last);
750             frnd->last = NULL;
751         }
752 
753         frnd->fsn = msg->fsn;
754 
755         if (sys_slist_is_empty(&frnd->queue)) {
756             enqueue_update(frnd, 0);
757             BT_DBG("Enqueued Friend Update to empty queue");
758         }
759     }
760 
761     return 0;
762 }
763 
find_clear(uint16_t prev_friend)764 static struct bt_mesh_friend *find_clear(uint16_t prev_friend)
765 {
766     int i;
767 
768     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
769         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
770 
771         if (frnd->clear.frnd == prev_friend) {
772             return frnd;
773         }
774     }
775 
776     return NULL;
777 }
778 
friend_clear_sent(int err,void * user_data)779 static void friend_clear_sent(int err, void *user_data)
780 {
781     struct bt_mesh_friend *frnd = user_data;
782 
783     k_delayed_work_submit(&frnd->clear.timer,
784                           K_SECONDS(frnd->clear.repeat_sec));
785     frnd->clear.repeat_sec *= 2U;
786 }
787 
788 static const struct bt_mesh_send_cb clear_sent_cb = {
789     .end = friend_clear_sent,
790 };
791 
send_friend_clear(struct bt_mesh_friend * frnd)792 static void send_friend_clear(struct bt_mesh_friend *frnd)
793 {
794     struct bt_mesh_msg_ctx ctx = {
795         .net_idx  = frnd->net_idx,
796         .app_idx  = BLE_MESH_KEY_UNUSED,
797         .addr     = frnd->clear.frnd,
798         .send_ttl = BLE_MESH_TTL_MAX,
799     };
800     struct bt_mesh_net_tx tx = {
801         .sub  = friend_subnet_get(frnd->net_idx),
802         .ctx  = &ctx,
803         .src  = bt_mesh_primary_addr(),
804         .xmit = bt_mesh_net_transmit_get(),
805     };
806     struct bt_mesh_ctl_friend_clear req = {
807         .lpn_addr    = sys_cpu_to_be16(frnd->lpn),
808         .lpn_counter = sys_cpu_to_be16(frnd->lpn_counter),
809     };
810 
811     BT_DBG("%s", __func__);
812 
813     if (!tx.sub) {
814         BT_ERR("Invalid subnet for Friend Clear");
815         return;
816     }
817 
818     bt_mesh_ctl_send(&tx, TRANS_CTL_OP_FRIEND_CLEAR, &req,
819                      sizeof(req), &clear_sent_cb, frnd);
820 }
821 
clear_timeout(struct k_work * work)822 static void clear_timeout(struct k_work *work)
823 {
824     struct bt_mesh_friend *frnd = CONTAINER_OF(work, struct bt_mesh_friend,
825                                   clear.timer.work);
826     uint32_t duration = 0U;
827 
828     BT_DBG("LPN 0x%04x (old) Friend 0x%04x", frnd->lpn, frnd->clear.frnd);
829 
830     duration = k_uptime_get_32() - frnd->clear.start;
831     if (duration > 2 * frnd->poll_to) {
832         BT_DBG("Clear Procedure timer expired");
833         frnd->clear.frnd = BLE_MESH_ADDR_UNASSIGNED;
834         return;
835     }
836 
837     send_friend_clear(frnd);
838 }
839 
clear_procedure_start(struct bt_mesh_friend * frnd)840 static void clear_procedure_start(struct bt_mesh_friend *frnd)
841 {
842     BT_DBG("LPN 0x%04x (old) Friend 0x%04x", frnd->lpn, frnd->clear.frnd);
843 
844     frnd->clear.start = k_uptime_get_32();
845     frnd->clear.repeat_sec = 1U;
846 
847     send_friend_clear(frnd);
848 }
849 
bt_mesh_friend_clear_cfm(struct bt_mesh_net_rx * rx,struct net_buf_simple * buf)850 int bt_mesh_friend_clear_cfm(struct bt_mesh_net_rx *rx,
851                              struct net_buf_simple *buf)
852 {
853     struct bt_mesh_ctl_friend_clear_confirm *msg = (void *)buf->data;
854     struct bt_mesh_friend *frnd = NULL;
855     uint16_t lpn_addr = 0U, lpn_counter = 0U;
856 
857     BT_DBG("%s", __func__);
858 
859     if (buf->len < sizeof(*msg)) {
860         BT_WARN("Too short Friend Clear Confirm (len %d)", buf->len);
861         return -EINVAL;
862     }
863 
864     frnd = find_clear(rx->ctx.addr);
865     if (!frnd) {
866         BT_WARN("No pending clear procedure for 0x%02x", rx->ctx.addr);
867         return 0;
868     }
869 
870     lpn_addr = sys_be16_to_cpu(msg->lpn_addr);
871     if (lpn_addr != frnd->lpn) {
872         BT_WARN("LPN address mismatch (0x%04x != 0x%04x)",
873                 lpn_addr, frnd->lpn);
874         return 0;
875     }
876 
877     lpn_counter = sys_be16_to_cpu(msg->lpn_counter);
878     if (lpn_counter != frnd->lpn_counter) {
879         BT_WARN("LPN counter mismatch (0x%04x != 0x%04x)",
880                 lpn_counter, frnd->lpn_counter);
881         return 0;
882     }
883 
884     k_delayed_work_cancel(&frnd->clear.timer);
885     frnd->clear.frnd = BLE_MESH_ADDR_UNASSIGNED;
886 
887     return 0;
888 }
889 
enqueue_offer(struct bt_mesh_friend * frnd,int8_t rssi)890 static void enqueue_offer(struct bt_mesh_friend *frnd, int8_t rssi)
891 {
892     struct bt_mesh_ctl_friend_offer *off = NULL;
893     NET_BUF_SIMPLE_DEFINE(sdu, 1 + sizeof(*off));
894     struct net_buf *buf = NULL;
895 
896     BT_DBG("%s", __func__);
897 
898     net_buf_simple_reserve(&sdu, 1);
899 
900     off = net_buf_simple_add(&sdu, sizeof(*off));
901 
902     off->recv_win = CONFIG_BLE_MESH_FRIEND_RECV_WIN,
903          off->queue_size = CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE,
904               off->sub_list_size = ARRAY_SIZE(frnd->sub_list),
905                    off->rssi = rssi,
906                         off->frnd_counter = sys_cpu_to_be16(frnd->counter);
907 
908     buf = encode_friend_ctl(frnd, TRANS_CTL_OP_FRIEND_OFFER, &sdu);
909     if (!buf) {
910         BT_ERR("Unable to encode Friend Offer");
911         return;
912     }
913 
914     if (encrypt_friend_pdu(frnd, buf, true)) {
915         return;
916     }
917 
918     frnd->counter++;
919 
920     if (frnd->last) {
921         net_buf_unref(frnd->last);
922     }
923 
924     frnd->last = buf;
925     frnd->send_last = 1U;
926 }
927 
928 #define RECV_WIN                  CONFIG_BLE_MESH_FRIEND_RECV_WIN
929 #define RSSI_FACT(crit)           (((crit) >> 5) & (uint8_t)BIT_MASK(2))
930 #define RECV_WIN_FACT(crit)       (((crit) >> 3) & (uint8_t)BIT_MASK(2))
931 #define MIN_QUEUE_SIZE_LOG(crit)  ((crit) & (uint8_t)BIT_MASK(3))
932 #define MIN_QUEUE_SIZE(crit)      ((uint32_t)BIT(MIN_QUEUE_SIZE_LOG(crit)))
933 
offer_delay(struct bt_mesh_friend * frnd,int8_t rssi,uint8_t crit)934 static int32_t offer_delay(struct bt_mesh_friend *frnd, int8_t rssi, uint8_t crit)
935 {
936     /* Scaling factors. The actual values are 1, 1.5, 2 & 2.5, but we
937      * want to avoid floating-point arithmetic.
938      */
939     static const uint8_t fact[] = { 10, 15, 20, 25 };
940     int32_t delay = 0;
941 
942     BT_INFO("ReceiveWindowFactor %u ReceiveWindow %u RSSIFactor %u RSSI %d",
943            fact[RECV_WIN_FACT(crit)], RECV_WIN,
944            fact[RSSI_FACT(crit)], rssi);
945 
946     /* Delay = ReceiveWindowFactor * ReceiveWindow - RSSIFactor * RSSI */
947     delay = (int32_t)fact[RECV_WIN_FACT(crit)] * RECV_WIN;
948     delay -= (int32_t)fact[RSSI_FACT(crit)] * rssi;
949     delay /= 10;
950 
951     BT_DBG("Local Delay calculated as %d ms", delay);
952 
953     if (delay < 100) {
954         return K_MSEC(100);
955     }
956 
957     return K_MSEC(delay);
958 }
959 
bt_mesh_friend_req(struct bt_mesh_net_rx * rx,struct net_buf_simple * buf)960 int bt_mesh_friend_req(struct bt_mesh_net_rx *rx, struct net_buf_simple *buf)
961 {
962     struct bt_mesh_ctl_friend_req *msg = (void *)buf->data;
963     struct bt_mesh_friend *frnd = NULL;
964     uint32_t poll_to = 0U;
965     int i;
966 
967     if (buf->len < sizeof(*msg)) {
968         BT_WARN("Too short Friend Request (len %d)", buf->len);
969         return -EINVAL;
970     }
971 
972     if (msg->recv_delay <= 0x09) {
973         BT_WARN("Prohibited ReceiveDelay (0x%02x)", msg->recv_delay);
974         return -EINVAL;
975     }
976 
977     poll_to = sys_get_be24(msg->poll_to);
978 
979     if (poll_to <= 0x000009 || poll_to >= 0x34bc00) {
980         BT_WARN("Prohibited PollTimeout (0x%06x)", poll_to);
981         return -EINVAL;
982     }
983 
984     if (msg->num_elem == 0x00) {
985         BT_WARN("Prohibited NumElements value (0x00)");
986         return -EINVAL;
987     }
988 
989     if (!BLE_MESH_ADDR_IS_UNICAST(rx->ctx.addr + msg->num_elem - 1)) {
990         BT_WARN("LPN elements stretch outside of unicast range");
991         return -EINVAL;
992     }
993 
994     if (!MIN_QUEUE_SIZE_LOG(msg->criteria)) {
995         BT_WARN("Prohibited Minimum Queue Size in Friend Request");
996         return -EINVAL;
997     }
998 
999     if (CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE < MIN_QUEUE_SIZE(msg->criteria)) {
1000         BT_WARN("We have a too small Friend Queue size (%u < %u)",
1001                 CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE,
1002                 MIN_QUEUE_SIZE(msg->criteria));
1003         return 0;
1004     }
1005 
1006     frnd = bt_mesh_friend_find(rx->sub->net_idx, rx->ctx.addr, true, false);
1007     if (frnd) {
1008         BT_WARN("Existing LPN re-requesting Friendship");
1009         friend_clear(frnd, BLE_MESH_FRIENDSHIP_TERMINATE_RECV_FRND_REQ);
1010         goto init_friend;
1011     }
1012 
1013     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1014         if (!bt_mesh.frnd[i].valid) {
1015             frnd = &bt_mesh.frnd[i];
1016             frnd->valid = 1U;
1017             break;
1018         }
1019     }
1020 
1021     if (!frnd) {
1022         BT_WARN("No free Friend contexts for new LPN");
1023         return -ENOMEM;
1024     }
1025 
1026 init_friend:
1027     frnd->lpn = rx->ctx.addr;
1028     frnd->num_elem = msg->num_elem;
1029     frnd->net_idx = rx->sub->net_idx;
1030     frnd->recv_delay = msg->recv_delay;
1031     frnd->poll_to = poll_to * 100U;
1032     frnd->lpn_counter = sys_be16_to_cpu(msg->lpn_counter);
1033     frnd->clear.frnd = sys_be16_to_cpu(msg->prev_addr);
1034 
1035     BT_INFO("LPN 0x%04x rssi %d recv_delay %u poll_to %ums",
1036            frnd->lpn, rx->ctx.recv_rssi, frnd->recv_delay, frnd->poll_to);
1037 
1038     /**
1039      * Spec says:
1040      * After a friendship has been established, if the PreviousAddress field
1041      * of the Friend Request message contains a valid unicast address that is
1042      * not the Friend node’s own unicast address, then the Friend node shall
1043      * begin sending Friend Clear messages to that unicast address.
1044      */
1045     if (BLE_MESH_ADDR_IS_UNICAST(frnd->clear.frnd) &&
1046             !bt_mesh_elem_find(frnd->clear.frnd)) {
1047         clear_procedure_start(frnd);
1048     }
1049 
1050     k_delayed_work_submit(&frnd->timer,
1051                           offer_delay(frnd, rx->ctx.recv_rssi,
1052                                       msg->criteria));
1053 
1054     friend_cred_create(rx->sub, frnd->lpn, frnd->lpn_counter,
1055                        frnd->counter);
1056 
1057     enqueue_offer(frnd, rx->ctx.recv_rssi);
1058 
1059     return 0;
1060 }
1061 
is_seg(struct bt_mesh_friend_seg * seg,uint16_t src,uint16_t seq_zero)1062 static bool is_seg(struct bt_mesh_friend_seg *seg, uint16_t src, uint16_t seq_zero)
1063 {
1064     struct net_buf *buf = (void *)sys_slist_peek_head(&seg->queue);
1065     struct net_buf_simple_state state = {0};
1066     uint16_t buf_seq_zero = 0U;
1067     uint16_t buf_src = 0U;
1068 
1069     if (!buf) {
1070         return false;
1071     }
1072 
1073     net_buf_simple_save(&buf->b, &state);
1074     net_buf_skip(buf, 5);   /* skip IVI, NID, CTL, TTL, SEQ */
1075     buf_src = net_buf_pull_be16(buf);
1076     net_buf_skip(buf, 3);   /* skip DST, OP/AID */
1077     buf_seq_zero = ((net_buf_pull_be16(buf) >> 2) & TRANS_SEQ_ZERO_MASK);
1078     net_buf_simple_restore(&buf->b, &state);
1079 
1080     return ((src == buf_src) && (seq_zero == buf_seq_zero));
1081 }
1082 
get_seg(struct bt_mesh_friend * frnd,uint16_t src,uint16_t seq_zero,uint8_t seg_count)1083 static struct bt_mesh_friend_seg *get_seg(struct bt_mesh_friend *frnd,
1084                                           uint16_t src, uint16_t seq_zero,
1085                                           uint8_t seg_count)
1086 {
1087     struct bt_mesh_friend_seg *unassigned = NULL;
1088     int i;
1089 
1090     for (i = 0; i < ARRAY_SIZE(frnd->seg); i++) {
1091         struct bt_mesh_friend_seg *seg = &frnd->seg[i];
1092 
1093         if (is_seg(seg, src, seq_zero)) {
1094             return seg;
1095         }
1096 
1097         if (!unassigned && !sys_slist_peek_head(&seg->queue)) {
1098             unassigned = seg;
1099         }
1100     }
1101 
1102     if (unassigned) {
1103         unassigned->seg_count = seg_count;
1104     }
1105 
1106     return unassigned;
1107 }
1108 
enqueue_friend_pdu(struct bt_mesh_friend * frnd,enum bt_mesh_friend_pdu_type type,uint16_t src,uint8_t seg_count,struct net_buf * buf)1109 static void enqueue_friend_pdu(struct bt_mesh_friend *frnd,
1110                                enum bt_mesh_friend_pdu_type type,
1111                                uint16_t src, uint8_t seg_count,
1112                                struct net_buf *buf)
1113 {
1114     struct bt_mesh_friend_seg *seg = NULL;
1115 
1116     BT_DBG("type %u", type);
1117 
1118     if (type == BLE_MESH_FRIEND_PDU_SINGLE) {
1119         if (frnd->sec_update) {
1120             enqueue_update(frnd, 1);
1121         }
1122 
1123         enqueue_buf(frnd, buf);
1124         return;
1125     }
1126 
1127     uint16_t seq_zero = (((buf->data[10] << 8 | buf->data[11]) >> 2) & TRANS_SEQ_ZERO_MASK);
1128 
1129     seg = get_seg(frnd, src, seq_zero, seg_count);
1130     if (!seg) {
1131         BT_ERR("No free friend segment RX contexts for 0x%04x", src);
1132         net_buf_unref(buf);
1133         return;
1134     }
1135 
1136     net_buf_slist_put(&seg->queue, buf);
1137 
1138     if (type == BLE_MESH_FRIEND_PDU_COMPLETE) {
1139         if (frnd->sec_update) {
1140             enqueue_update(frnd, 1);
1141         }
1142 
1143         sys_slist_merge_slist(&frnd->queue, &seg->queue);
1144 
1145         frnd->queue_size += seg->seg_count;
1146         seg->seg_count = 0U;
1147     } else {
1148         /* Mark the buffer as having more to come after it */
1149         buf->flags |= NET_BUF_FRAGS;
1150     }
1151 }
1152 
buf_send_start(uint16_t duration,int err,void * user_data)1153 static void buf_send_start(uint16_t duration, int err, void *user_data)
1154 {
1155     struct bt_mesh_friend *frnd = user_data;
1156 
1157     BT_DBG("err %d", err);
1158 
1159     frnd->pending_buf = 0U;
1160 
1161     /* Friend Offer doesn't follow the re-sending semantics */
1162     if (!frnd->established) {
1163         net_buf_unref(frnd->last);
1164         frnd->last = NULL;
1165     }
1166 }
1167 
buf_send_end(int err,void * user_data)1168 static void buf_send_end(int err, void *user_data)
1169 {
1170     struct bt_mesh_friend *frnd = user_data;
1171 
1172     BT_DBG("err %d", err);
1173 
1174     if (frnd->pending_req) {
1175         BT_WARN("Another request before previous completed sending");
1176         return;
1177     }
1178 
1179     if (frnd->established) {
1180         k_delayed_work_submit(&frnd->timer, frnd->poll_to);
1181         BT_DBG("Waiting %u ms for next poll", frnd->poll_to);
1182     } else {
1183         /* Friend offer timeout is 1 second */
1184         k_delayed_work_submit(&frnd->timer, K_SECONDS(1));
1185         BT_DBG("Waiting for first poll");
1186     }
1187 }
1188 
friend_timeout(struct k_work * work)1189 static void friend_timeout(struct k_work *work)
1190 {
1191     struct bt_mesh_friend *frnd = CONTAINER_OF(work, struct bt_mesh_friend,
1192                                   timer.work);
1193     static const struct bt_mesh_send_cb buf_sent_cb = {
1194         .start = buf_send_start,
1195         .end = buf_send_end,
1196     };
1197 
1198     if (frnd->pending_buf != 0U) {
1199         BT_ERR("Previous buffer not yet sent!");
1200         return;
1201     }
1202 
1203     BT_DBG("lpn 0x%04x send_last %u last %p", frnd->lpn,
1204            frnd->send_last, frnd->last);
1205 
1206     if (frnd->send_last && frnd->last) {
1207         BT_DBG("Sending frnd->last %p", frnd->last);
1208         frnd->send_last = 0U;
1209         goto send_last;
1210     }
1211 
1212     if (frnd->established && !frnd->pending_req) {
1213         BT_WARN("Friendship lost with 0x%04x", frnd->lpn);
1214         friend_clear(frnd, BLE_MESH_FRIENDSHIP_TERMINATE_POLL_TIMEOUT);
1215         return;
1216     }
1217 
1218     frnd->last = (void *)sys_slist_get(&frnd->queue);
1219     if (!frnd->last) {
1220         BT_WARN("Friendship not established with 0x%04x", frnd->lpn);
1221         friend_clear(frnd, BLE_MESH_FRIENDSHIP_TERMINATE_ESTABLISH_FAIL);
1222         return;
1223     }
1224 
1225     if (encrypt_friend_pdu(frnd, frnd->last, false)) {
1226         return;
1227     }
1228 
1229     /* Clear the flag we use for segment tracking */
1230     frnd->last->flags &= ~NET_BUF_FRAGS;
1231     frnd->last->frags = NULL;
1232 
1233     BT_DBG("Sending buf %p from Friend Queue of LPN 0x%04x",
1234            frnd->last, frnd->lpn);
1235     frnd->queue_size--;
1236 
1237 send_last:
1238     frnd->pending_req = 0U;
1239     frnd->pending_buf = 1U;
1240     bt_mesh_adv_send(frnd->last, &buf_sent_cb, frnd);
1241 }
1242 
bt_mesh_friend_set_cb(void (* cb)(bool establish,uint16_t lpn_addr,uint8_t reason))1243 void bt_mesh_friend_set_cb(void (*cb)(bool establish, uint16_t lpn_addr, uint8_t reason))
1244 {
1245     friend_cb = cb;
1246 }
1247 
bt_mesh_friend_init(void)1248 int bt_mesh_friend_init(void)
1249 {
1250     int i;
1251 
1252     if (friend_init == true) {
1253         BT_WARN("%s, Already", __func__);
1254         return -EALREADY;
1255     }
1256 
1257     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1258         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1259         int j;
1260 
1261         frnd->net_idx = BLE_MESH_KEY_UNUSED;
1262 
1263         sys_slist_init(&frnd->queue);
1264 
1265         k_delayed_work_init(&frnd->timer, friend_timeout);
1266         k_delayed_work_init(&frnd->clear.timer, clear_timeout);
1267 
1268         for (j = 0; j < ARRAY_SIZE(frnd->seg); j++) {
1269             sys_slist_init(&frnd->seg[j].queue);
1270         }
1271     }
1272 
1273     friend_init = true;
1274 
1275     return 0;
1276 }
1277 
1278 #if CONFIG_BLE_MESH_DEINIT
bt_mesh_friend_deinit(void)1279 int bt_mesh_friend_deinit(void)
1280 {
1281     int i;
1282 
1283     if (friend_init == false) {
1284         BT_WARN("%s, Already", __func__);
1285         return -EALREADY;
1286     }
1287 
1288     bt_mesh_friend_clear_net_idx(BLE_MESH_KEY_ANY);
1289 
1290     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1291         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1292 
1293         frnd->net_idx = BLE_MESH_KEY_UNUSED;
1294 
1295         k_delayed_work_free(&frnd->timer);
1296         k_delayed_work_free(&frnd->clear.timer);
1297     }
1298 
1299     bt_mesh_unref_buf_from_pool(&friend_buf_pool);
1300     memset(adv_pool, 0, sizeof(adv_pool));
1301 
1302     friend_init = false;
1303 
1304     return 0;
1305 }
1306 #endif /* CONFIG_BLE_MESH_DEINIT */
1307 
is_segack(struct net_buf * buf,const uint64_t * seqauth,uint16_t src)1308 static bool is_segack(struct net_buf *buf, const uint64_t *seqauth, uint16_t src)
1309 {
1310     struct net_buf_simple_state state = {0};
1311     bool found = false;
1312 
1313     if (buf->len != 16) {
1314         return false;
1315     }
1316 
1317     net_buf_simple_save(&buf->b, &state);
1318 
1319     net_buf_skip(buf, 1); /* skip IVI, NID */
1320 
1321     if (!(net_buf_pull_u8(buf) >> 7)) {
1322         goto end;
1323     }
1324 
1325     net_buf_pull(buf, 3); /* skip SEQNUM */
1326 
1327     if (src != net_buf_pull_be16(buf)) {
1328         goto end;
1329     }
1330 
1331     net_buf_skip(buf, 2); /* skip dst */
1332 
1333     if (TRANS_CTL_OP((uint8_t *) net_buf_pull_mem(buf, 1)) != TRANS_CTL_OP_ACK) {
1334         goto end;
1335     }
1336 
1337     found = ((net_buf_pull_be16(buf) >> 2) & TRANS_SEQ_ZERO_MASK) ==
1338         (*seqauth & TRANS_SEQ_ZERO_MASK);
1339 end:
1340     net_buf_simple_restore(&buf->b, &state);
1341     return found;
1342 }
1343 
friend_purge_old_ack(struct bt_mesh_friend * frnd,const uint64_t * seq_auth,uint16_t src)1344 static void friend_purge_old_ack(struct bt_mesh_friend *frnd,
1345                                  const uint64_t *seq_auth, uint16_t src)
1346 {
1347     sys_snode_t *cur = NULL, *prev = NULL;
1348 
1349     BT_DBG("SeqAuth %llx src 0x%04x", *seq_auth, src);
1350 
1351     for (cur = sys_slist_peek_head(&frnd->queue);
1352             cur != NULL; prev = cur, cur = sys_slist_peek_next(cur)) {
1353         struct net_buf *buf = (void *)cur;
1354 
1355         if (is_segack(buf, seq_auth, src)) {
1356             BT_DBG("Removing old ack from Friend Queue");
1357 
1358             sys_slist_remove(&frnd->queue, prev, cur);
1359             frnd->queue_size--;
1360             /* Make sure old slist entry state doesn't remain */
1361             buf->frags = NULL;
1362 
1363             net_buf_unref(buf);
1364             break;
1365         }
1366     }
1367 }
1368 
friend_lpn_enqueue_rx(struct bt_mesh_friend * frnd,struct bt_mesh_net_rx * rx,enum bt_mesh_friend_pdu_type type,const uint64_t * seq_auth,uint8_t seg_count,struct net_buf_simple * sbuf)1369 static void friend_lpn_enqueue_rx(struct bt_mesh_friend *frnd,
1370                                   struct bt_mesh_net_rx *rx,
1371                                   enum bt_mesh_friend_pdu_type type,
1372                                   const uint64_t *seq_auth, uint8_t seg_count,
1373                                   struct net_buf_simple *sbuf)
1374 {
1375     struct friend_pdu_info info = {0};
1376     struct net_buf *buf = NULL;
1377 
1378     /* Because of network loopback, tx packets will also be passed into
1379      * this rx function. These packets have already been added to the
1380      * queue, and should be ignored.
1381      */
1382     if (bt_mesh_elem_find(rx->ctx.addr)) {
1383         return;
1384     }
1385 
1386     BT_DBG("LPN 0x%04x queue_size %u", frnd->lpn, frnd->queue_size);
1387 
1388     if (type == BLE_MESH_FRIEND_PDU_SINGLE && seq_auth) {
1389         friend_purge_old_ack(frnd, seq_auth, rx->ctx.addr);
1390     }
1391 
1392     info.src = rx->ctx.addr;
1393     info.dst = rx->ctx.recv_dst;
1394 
1395     if (rx->net_if == BLE_MESH_NET_IF_LOCAL) {
1396         info.ttl = rx->ctx.recv_ttl;
1397     } else {
1398         info.ttl = rx->ctx.recv_ttl - 1U;
1399     }
1400 
1401     info.ctl = rx->ctl;
1402 
1403     sys_put_be24(rx->seq, info.seq);
1404 
1405     info.iv_index = BLE_MESH_NET_IVI_RX(rx);
1406 
1407     buf = create_friend_pdu(frnd, &info, sbuf);
1408     if (!buf) {
1409         BT_ERR("Failed to encode Friend buffer");
1410         return;
1411     }
1412 
1413     enqueue_friend_pdu(frnd, type, info.src, seg_count, buf);
1414 
1415     BT_DBG("Queued message for LPN 0x%04x, queue_size %u",
1416            frnd->lpn, frnd->queue_size);
1417 }
1418 
friend_lpn_enqueue_tx(struct bt_mesh_friend * frnd,struct bt_mesh_net_tx * tx,enum bt_mesh_friend_pdu_type type,const uint64_t * seq_auth,uint8_t seg_count,struct net_buf_simple * sbuf)1419 static void friend_lpn_enqueue_tx(struct bt_mesh_friend *frnd,
1420                                   struct bt_mesh_net_tx *tx,
1421                                   enum bt_mesh_friend_pdu_type type,
1422                                   const uint64_t *seq_auth, uint8_t seg_count,
1423                                   struct net_buf_simple *sbuf)
1424 {
1425     struct friend_pdu_info info = {0};
1426     struct net_buf *buf = NULL;
1427 
1428     BT_DBG("LPN 0x%04x", frnd->lpn);
1429 
1430     if (type == BLE_MESH_FRIEND_PDU_SINGLE && seq_auth) {
1431         friend_purge_old_ack(frnd, seq_auth, tx->src);
1432     }
1433 
1434     info.src = tx->src;
1435     info.dst = tx->ctx->addr;
1436 
1437     info.ttl = tx->ctx->send_ttl;
1438     info.ctl = (tx->ctx->app_idx == BLE_MESH_KEY_UNUSED);
1439 
1440     sys_put_be24(bt_mesh.seq, info.seq);
1441 
1442     info.iv_index = BLE_MESH_NET_IVI_TX;
1443 
1444     buf = create_friend_pdu(frnd, &info, sbuf);
1445     if (!buf) {
1446         BT_ERR("Failed to encode Friend buffer");
1447         return;
1448     }
1449 
1450     if (type == BLE_MESH_FRIEND_PDU_SINGLE && !info.ctl) {
1451         /* Unsegmented application packets may be re-encrypted later,
1452          * as they depend on the the sequence number being the same
1453          * when encrypting in transport and network.
1454          */
1455         FRIEND_ADV(buf)->app_idx = tx->ctx->app_idx;
1456     }
1457 
1458     enqueue_friend_pdu(frnd, type, info.src, seg_count, buf);
1459 
1460     BT_DBG("Queued message for LPN 0x%04x", frnd->lpn);
1461 }
1462 
friend_lpn_matches(struct bt_mesh_friend * frnd,uint16_t net_idx,uint16_t addr)1463 static bool friend_lpn_matches(struct bt_mesh_friend *frnd, uint16_t net_idx,
1464                                uint16_t addr)
1465 {
1466     int i;
1467 
1468     if (!frnd->established) {
1469         return false;
1470     }
1471 
1472     if (net_idx != frnd->net_idx) {
1473         return false;
1474     }
1475 
1476     if (BLE_MESH_ADDR_IS_UNICAST(addr)) {
1477         return is_lpn_unicast(frnd, addr);
1478     }
1479 
1480     for (i = 0; i < ARRAY_SIZE(frnd->sub_list); i++) {
1481         if (frnd->sub_list[i] == addr) {
1482             return true;
1483         }
1484     }
1485 
1486     return false;
1487 }
1488 
bt_mesh_friend_match(uint16_t net_idx,uint16_t addr)1489 bool bt_mesh_friend_match(uint16_t net_idx, uint16_t addr)
1490 {
1491     int i;
1492 
1493     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1494         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1495 
1496         if (friend_lpn_matches(frnd, net_idx, addr)) {
1497             BT_DBG("LPN 0x%04x matched address 0x%04x",
1498                    frnd->lpn, addr);
1499             return true;
1500         }
1501     }
1502 
1503     BT_DBG("No matching LPN for address 0x%04x", addr);
1504 
1505     return false;
1506 }
1507 
friend_queue_has_space(struct bt_mesh_friend * frnd,uint16_t addr,const uint64_t * seq_auth,uint8_t seg_count)1508 static bool friend_queue_has_space(struct bt_mesh_friend *frnd, uint16_t addr,
1509                                    const uint64_t *seq_auth, uint8_t seg_count)
1510 {
1511     uint32_t total = 0U;
1512     int i;
1513 
1514     if (seg_count > CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE) {
1515         return false;
1516     }
1517 
1518     for (i = 0; i < ARRAY_SIZE(frnd->seg); i++) {
1519         struct bt_mesh_friend_seg *seg = &frnd->seg[i];
1520 
1521         if (seq_auth && is_seg(seg, addr, *seq_auth & TRANS_SEQ_ZERO_MASK)) {
1522             /* If there's a segment queue for this message then the
1523              * space verification has already happened.
1524              */
1525             return true;
1526         }
1527 
1528         total += seg->seg_count;
1529     }
1530 
1531     /* If currently pending segments combined with this segmented message
1532      * are more than the Friend Queue Size, then there's no space. This
1533      * is because we don't have a mechanism of aborting already pending
1534      * segmented messages to free up buffers.
1535      */
1536     return (CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE - total) > seg_count;
1537 }
1538 
bt_mesh_friend_queue_has_space(uint16_t net_idx,uint16_t src,uint16_t dst,const uint64_t * seq_auth,uint8_t seg_count)1539 bool bt_mesh_friend_queue_has_space(uint16_t net_idx, uint16_t src, uint16_t dst,
1540                                     const uint64_t *seq_auth, uint8_t seg_count)
1541 {
1542     bool someone_has_space = false, friend_match = false;
1543     int i;
1544 
1545     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1546         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1547 
1548         if (!friend_lpn_matches(frnd, net_idx, dst)) {
1549             continue;
1550         }
1551 
1552         friend_match = true;
1553 
1554         if (friend_queue_has_space(frnd, src, seq_auth, seg_count)) {
1555             someone_has_space = true;
1556         }
1557     }
1558 
1559     /* If there were no matched LPNs treat this as success, so the
1560      * transport layer can continue its work.
1561      */
1562     if (!friend_match) {
1563         return true;
1564     }
1565 
1566     /* From the transport layers perspective it's good enough that at
1567      * least one Friend Queue has space. If there were multiple Friend
1568      * matches then the destination must be a group address, in which
1569      * case e.g. segment acks are not sent.
1570      */
1571     return someone_has_space;
1572 }
1573 
friend_queue_prepare_space(struct bt_mesh_friend * frnd,uint16_t addr,const uint64_t * seq_auth,uint8_t seg_count)1574 static bool friend_queue_prepare_space(struct bt_mesh_friend *frnd, uint16_t addr,
1575                                        const uint64_t *seq_auth, uint8_t seg_count)
1576 {
1577     bool pending_segments = false;
1578     uint8_t avail_space = 0U;
1579 
1580     if (!friend_queue_has_space(frnd, addr, seq_auth, seg_count)) {
1581         return false;
1582     }
1583 
1584     avail_space = CONFIG_BLE_MESH_FRIEND_QUEUE_SIZE - frnd->queue_size;
1585     pending_segments = false;
1586 
1587     while (pending_segments || avail_space < seg_count) {
1588         struct net_buf *buf = (void *)sys_slist_get(&frnd->queue);
1589 
1590         if (!buf) {
1591             BT_ERR("Unable to free up enough buffers");
1592             return false;
1593         }
1594 
1595         frnd->queue_size--;
1596         avail_space++;
1597 
1598         pending_segments = (buf->flags & NET_BUF_FRAGS);
1599 
1600         /* Make sure old slist entry state doesn't remain */
1601         buf->frags = NULL;
1602         buf->flags &= ~NET_BUF_FRAGS;
1603 
1604         net_buf_unref(buf);
1605     }
1606 
1607     return true;
1608 }
1609 
bt_mesh_friend_enqueue_rx(struct bt_mesh_net_rx * rx,enum bt_mesh_friend_pdu_type type,const uint64_t * seq_auth,uint8_t seg_count,struct net_buf_simple * sbuf)1610 void bt_mesh_friend_enqueue_rx(struct bt_mesh_net_rx *rx,
1611                                enum bt_mesh_friend_pdu_type type,
1612                                const uint64_t *seq_auth, uint8_t seg_count,
1613                                struct net_buf_simple *sbuf)
1614 {
1615     int i;
1616 
1617     if (!rx->friend_match ||
1618             (rx->ctx.recv_ttl <= 1U && rx->net_if != BLE_MESH_NET_IF_LOCAL) ||
1619             bt_mesh_friend_get() != BLE_MESH_FRIEND_ENABLED) {
1620         return;
1621     }
1622 
1623     BT_DBG("recv_ttl %u net_idx 0x%04x src 0x%04x dst 0x%04x",
1624            rx->ctx.recv_ttl, rx->sub->net_idx, rx->ctx.addr,
1625            rx->ctx.recv_dst);
1626 
1627     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1628         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1629 
1630         if (!friend_lpn_matches(frnd, rx->sub->net_idx,
1631                                 rx->ctx.recv_dst)) {
1632             continue;
1633         }
1634 
1635         if (!friend_queue_prepare_space(frnd, rx->ctx.addr, seq_auth,
1636                                         seg_count)) {
1637             continue;
1638         }
1639 
1640         friend_lpn_enqueue_rx(frnd, rx, type, seq_auth, seg_count,
1641                               sbuf);
1642     }
1643 }
1644 
bt_mesh_friend_enqueue_tx(struct bt_mesh_net_tx * tx,enum bt_mesh_friend_pdu_type type,const uint64_t * seq_auth,uint8_t seg_count,struct net_buf_simple * sbuf)1645 bool bt_mesh_friend_enqueue_tx(struct bt_mesh_net_tx *tx,
1646                                enum bt_mesh_friend_pdu_type type,
1647                                const uint64_t *seq_auth, uint8_t seg_count,
1648                                struct net_buf_simple *sbuf)
1649 {
1650     bool matched = false;
1651     int i;
1652 
1653     if (!bt_mesh_friend_match(tx->sub->net_idx, tx->ctx->addr) ||
1654             bt_mesh_friend_get() != BLE_MESH_FRIEND_ENABLED) {
1655         return matched;
1656     }
1657 
1658     BT_DBG("net_idx 0x%04x dst 0x%04x src 0x%04x", tx->sub->net_idx,
1659            tx->ctx->addr, tx->src);
1660 
1661     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1662         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1663 
1664         if (!friend_lpn_matches(frnd, tx->sub->net_idx,
1665                                 tx->ctx->addr)) {
1666             continue;
1667         }
1668 
1669         if (!friend_queue_prepare_space(frnd, tx->src, seq_auth,
1670                                         seg_count)) {
1671             continue;
1672         }
1673 
1674         friend_lpn_enqueue_tx(frnd, tx, type, seq_auth, seg_count,
1675                               sbuf);
1676         matched = true;
1677     }
1678 
1679     return matched;
1680 }
1681 
bt_mesh_friend_clear_incomplete(struct bt_mesh_subnet * sub,uint16_t src,uint16_t dst,const uint64_t * seq_auth)1682 void bt_mesh_friend_clear_incomplete(struct bt_mesh_subnet *sub, uint16_t src,
1683                                      uint16_t dst, const uint64_t *seq_auth)
1684 {
1685     int i;
1686 
1687     BT_DBG("%s", __func__);
1688 
1689     for (i = 0; i < ARRAY_SIZE(bt_mesh.frnd); i++) {
1690         struct bt_mesh_friend *frnd = &bt_mesh.frnd[i];
1691         int j;
1692 
1693         if (!friend_lpn_matches(frnd, sub->net_idx, dst)) {
1694             continue;
1695         }
1696 
1697         for (j = 0; j < ARRAY_SIZE(frnd->seg); j++) {
1698             struct bt_mesh_friend_seg *seg = &frnd->seg[j];
1699 
1700             if (!is_seg(seg, src, *seq_auth & TRANS_SEQ_ZERO_MASK)) {
1701                 continue;
1702             }
1703 
1704             BT_WARN("Clearing incomplete segments for 0x%04x", src);
1705 
1706             purge_buffers(&seg->queue);
1707             seg->seg_count = 0U;
1708             break;
1709         }
1710     }
1711 }
1712 
bt_mesh_friend_remove_lpn(uint16_t lpn_addr)1713 void bt_mesh_friend_remove_lpn(uint16_t lpn_addr)
1714 {
1715     struct bt_mesh_friend *frnd = NULL;
1716 
1717     frnd = bt_mesh_friend_find(BLE_MESH_KEY_ANY, lpn_addr, false, false);
1718     if (frnd) {
1719         friend_clear(frnd, BLE_MESH_FRIENDSHIP_TERMINATE_DISABLE);
1720     }
1721 }
1722 
1723 #endif /* CONFIG_BLE_MESH_FRIEND */
1724